lumma | bdb77e87b9d666634e182ea42482d9559125ca8e62c2399b8ad2c6b42395aaa8 | Triage

Submit
Reports

Overview

overview

Static

static

1

EpicInstal....0.msi

windows10-2004-x64

Resubmissions

17-12-2024 17:54

241217-wg6sqatlfv 10

17-12-2024 17:36

241217-v6vw3svjen 6

Sharing

General

Target

EpicInstaller-17.2.0.msi
Size

194.0MB
Sample

241217-wg6sqatlfv
MD5

392f66528c31a402484379f57d0605a1
SHA1

40d155146d49258d3f3e3d8bacc6c919ad8c1d35
SHA256

bdb77e87b9d666634e182ea42482d9559125ca8e62c2399b8ad2c6b42395aaa8
SHA512

24924b00dc61295ff9fd8f003addaa2f56e6774d2b6e20c068d0d538f0c2b1e2af9c6ca117b9718513218734596a93540e8674294ec67ea91f4dec865b473600
SSDEEP

3145728:HyCHcktJLbo4ZW0AF7PPMQxSkn2XbtOk1Ne4rkq//id544fVHBo9LE5XCJuo:Tc81WtsXk2XbcPdij4cJE5XC

Score

10^/10

lumma microsoft discovery persistence phishing privilege_escalation spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

EpicInstaller-17.2.0.msi

Resource

win10v2004-20241007-es

lumma microsoft discovery persistence phishing privilege_escalation spyware stealer

windows10-2004-x64

42 signatures

1800 seconds

Malware Config

Extracted

Family

lumma

Targets

- Target
  
  EpicInstaller-17.2.0.msi
- Size
  
  194.0MB
- MD5
  
  392f66528c31a402484379f57d0605a1
- SHA1
  
  40d155146d49258d3f3e3d8bacc6c919ad8c1d35
- SHA256
  
  bdb77e87b9d666634e182ea42482d9559125ca8e62c2399b8ad2c6b42395aaa8
- SHA512
  
  24924b00dc61295ff9fd8f003addaa2f56e6774d2b6e20c068d0d538f0c2b1e2af9c6ca117b9718513218734596a93540e8674294ec67ea91f4dec865b473600
- SSDEEP
  
  3145728:HyCHcktJLbo4ZW0AF7PPMQxSkn2XbtOk1Ne4rkq//id544fVHBo9LE5XCJuo:Tc81WtsXk2XbcPdij4cJE5XC
Score

10^/10

lumma microsoft discovery persistence phishing privilege_escalation spyware stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- A potential corporate email address has been identified in the URL: [email protected]
  phishing
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Detected potential entity reuse from brand MICROSOFT.
  phishing microsoft
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Installer Packages

Privilege Escalation

Event Triggered Execution

Installer Packages

Defense Evasion

System Binary Proxy Execution

Msiexec

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummamicrosoftdiscoverypersistencephishingprivilege_escalationspywarestealer

© 2018-2024

Terms | Privacy